[ZendTo] Re: Local IP and Request Code

Barry Kwok barry at easytech.com.hk
Mon Mar 21 09:20:43 GMT 2011


On Mon, Mar 21, 2011 at 5:08 PM, Jules <Jules at zend.to> wrote:

>
>
> On 21/03/2011 08:47, Barry Kwok wrote:
>
> 2. Request code
> Should it be easier to dictate over the phone if using *digits* instead?
> (e.g. 5 digits. I think it is secure enough)
>
>  It would need to be a lot more than 5 digits. Imagine what happens if
> someone tries to break it with 10,000 PCs all trying 5 numbers per second,
> which is quite possible. You need to be proof against massive-scale attacks
> like that, or they can and will brute-force it. I would say 9 digits at
> least. At which point 3 words are probably more reliably input.
>
>
>
I think brute-force attacks should be protected against by other means instead, e.g.
fail2ban can block IP addresses by reading a log file.

-- barry
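
The figures from this exchange worked through, as an added example that is not part of either message: it computes the worst-case time to exhaust each request-code keyspace at the 10,000 PCs and 5 guesses per second quoted above, with and without a per-IP lockout of the kind fail2ban applies. The ban thresholds (5 failures, 600-second ban) and the 2048-word list size are assumptions, not values from ZendTo or from the thread.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class BanPolicy:
    """Per-IP lockout in the style of fail2ban (values used below are assumed)."""
    maxretry: int    # failed attempts allowed before the source IP is banned
    bantime: float   # seconds the source IP stays banned


def guess_rate(sources: int, per_source_rate: float,
               ban: Optional[BanPolicy] = None) -> float:
    """Sustained guesses per second summed over all source IPs."""
    if ban is None:
        return sources * per_source_rate
    # Each IP gets maxretry guesses, then sits out bantime before it can resume.
    cycle = ban.maxretry / per_source_rate + ban.bantime
    return sources * ban.maxretry / cycle


def seconds_to_exhaust(keyspace: int, rate: float) -> float:
    """Worst-case time to try every possible code at the given rate."""
    return keyspace / rate


KEYSPACES = {
    "5 digits": 10**5,
    "9 digits": 10**9,
    "3 words (assumed 2048-word list)": 2048**3,
}


def compare(sources: int = 10_000, per_source_rate: float = 5.0,
            ban: Optional[BanPolicy] = None):
    """Return (name, seconds without lockout, seconds with per-IP lockout)."""
    ban = ban or BanPolicy(maxretry=5, bantime=600.0)  # assumed thresholds
    open_rate = guess_rate(sources, per_source_rate)
    banned_rate = guess_rate(sources, per_source_rate, ban)
    return [(name, seconds_to_exhaust(size, open_rate),
             seconds_to_exhaust(size, banned_rate))
            for name, size in KEYSPACES.items()]


if __name__ == "__main__":
    for name, open_s, banned_s in compare():
        print(f"{name:34s} no lockout: {open_s:14,.0f} s"
              f"   per-IP ban: {banned_s:16,.0f} s")
```

Under these assumptions, 5 digits fall in 2 seconds without lockout and in about 20 minutes with it, because the lockout is per source address and the guesses come from 10,000 of them; 9 digits with the same lockout takes about 139 days.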